stackoom
  简体   繁体   中英

How to store hashed password in database?

 原文  2019-11-19 07:40:58       java/ spring/ hibernate/ spring-boot

Question

Here are my register controller and user service. Why can I not store my password in my database?

When I'm using Postman it returns values of the hashed password, but when I check my database it only stores the "email" and the password is null. Why? Should I create another table Password to store them?

package demo2.demo.Controller;

import demo2.demo.data.model.User;
import demo2.demo.data.service.UserService;
import demo2.demo.model.dto.UserDTO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;


@RestController
public class LoginController {

    @Autowired
    private UserService userService;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @PostMapping(path = "/register")
    public User registerNewUser(@RequestBody UserDTO userDTO) {
        User user = new User();
        user.setEmail(userDTO.getEmail());
        user.setPassword(userDTO.getPassword());
        userService.register(user);
        return user;
    }
}

package demo2.demo.data.service;

import demo2.demo.constant.RoleConstant;
import demo2.demo.data.model.User;
import demo2.demo.data.model.UserRole;
import demo2.demo.data.repository.UserRepository;
import demo2.demo.data.repository.UserRoleRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class UserService {

    @Autowired
    private UserRepository userRepository;
    @Autowired
    private UserRoleRepository userRoleRepository;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

//  find by email
    public User findByEmail(String email) {
        return (User) userRepository.findUserByEmail(email);
    }
//    find by id
    public User findByID(int id) { return userRepository.findById(id).orElse(null);}

//    register
    public void register(User user) {
        try {
            //        hash password
            user.setPassword(passwordEncoder().encode(user.getPassword()));
            //        save user
            userRepository.save(user);
            //        tạo quyền role
            UserRole userRole = new UserRole();
            userRole.setRoleID(RoleConstant.roleUser);
            userRole.setUserID(user.getId());
            userRoleRepository.save(userRole);
        }catch (Exception e) {
            e.getMessage();
        }
    }
}

this is my user_role class

@Entity(name = "dbo_user_role")
public class UserRole {
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "user_role_id")
    @Id
    private int id;
    @Column(name = "role_id")
    private int roleID;
    @Column(name = "user_id")
    private int userID;
//  getter&setter

This is role class

@Entity(name = "dbo_role")
public class Role {
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "role_id")
    @Id
    private int id;
    private String name;

    @ManyToMany(fetch = FetchType.LAZY,
                cascade = {
                        CascadeType.MERGE,
                        CascadeType.PERSIST
                })
    @JoinTable(name = "dbo_user_role",
                joinColumns = {@JoinColumn(name = "role_id")},
                inverseJoinColumns = {@JoinColumn(name = "user_id")})
// getter&setter

And this is role class

@Entity(name = "dbo_user")
public class User {
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "user_id")
    @Id
    private int id;
    private String email;
    @Transient
    private String password;

1 answers

solution1
 1 ACCPTED  2019-11-19 08:15:29

@Transient avoids the persistence of the password-field.

From https://docs.jboss.org/hibernate/jpa/2.1/api/javax/persistence/Transient.html

Specifies that the property or field is not persistent.

In order to store the contents of the field, remove the @Transient annotation.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Hashed Database Password [Hibernate] Store and validate hashed password with salt How can I store hashed password in sqlite android Spring Boot, MySQL: How to do a database authentication with a hashed password? How to compare the hashed password with the one stored in the mySql database? How to decrypt the hashed password of pbkdf How to store password encrypted in database? Verifying Hashed Password From MySQL Database authenticate member through database with hashed/salted password hashed password
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM